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REMARKS/ARGUMENTS 



In the Office Action, an objection was made to the Abstract as being longer than the 

i 

recommended 50 to 150 words in length. It is nojted that the Abstract was amended in the 

previous communication filed on January 5, 2005, and now has a length of 142 words. 

i 

The objection to the disclosure as containing an embedded hyperlink is also without 



communication filed 



on January 5, 2005 to 



basis, since the specification was amended in the * 

remove the hyperlinks from page 7, 

Withdrawal of the objections to the specification therefore is requested. 
Claims 8, 9, 28, and 29 stand rejected under 35 U.S.C. 1 12, second paragraph. The 

references to X.500 is considered by the Examiner to vague and indefinite. 

With respect, it is submitted that any person skilled in the art to which the present 

application pertains woutd readily understand the 1 meaning of these references to X.500. Such a 

person would be intimately familiar with the maintenance of publishel certificate repositories 

i 

and with the X«500 series of recommendations. These references therefore particularly point out 
and distinctly claim the subject matter of embodiments of the invention in a manner which would 
be clear to a person skilled in the art. Reconsideration and withdrawal of the rejection of these 
claims under 35 U.S.C. 1 1 2, second paragraph, arc respectfully requested. 

Regarding the rejection of claims 12, 31, £3, and 52, and in pa:ticular the language "from 
time to time", as being vague and indefinite, thest claims have been amended to delete this 
language. It is believed that the amended claims j&illy comply with the second paragraph of 
35 U.S.C. 112. 

Turning now to the claim rejections under 35 U.S.C. 103, claims 1 to 7, 10, 1 1, 13 to 27, 

as being unpatentable over United States Patent 



30, 32 to 42, 44 to 51 , and 53 to 55 were rejected j 

No. 6,725,240 (hereinafter Asad) in view of RFC -2632, "S/MIME Version 3 Certificate 
Handling" (hereinafter Ramsdell) and in view of j'UniCERT | Policy Support: Operational 
Controls" (hereinafter UniCERT). As discussed in detail below, however, the cited references, 
whether taken alone or in combination, do not disclose the features defined in the rejected 
claims. 
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As noted on page 4 of the Office Action, Asad teaches protecting against data tampering 



in an audU system. It is acknowledged in the Office Action that Asad 



does not disclose record to 



user mapping, user name to addressable entity mapping, or remote notification for each record. 
Notably, these features which Asad does not disclose constitute nearly the entirety of the 
independent claims. ; 

With reference first to independent claim j 1, for example, Asad does not disclose or 
suggest maintaining a record-user mapping which associates with each of a plurality of record 
identifiers a respective one or more user names. !Asad also fails to disclose or suggest a user 
name-addressable entity mapping. Page 4 of the (Office Action clearly acknowledges that these 
features are not disclosed in Asad. Since no tecojrd-user mapping and no user name-addressable 
entity mapping have been disclosed in Asad, the ched reference also c oes not disclose or suggest 
the obtaining steps defined in claim I , namely obftaining a record's record identifier's respective 

i I 

one or more user names from the record-user mapping and, for each user name in the record's 
record identifier's respective one or more user names, obtaining from a user name-addressable 
entity mapping a respective addressable entity. Tjhe claimed operation of sending a notification 
of the record to the addressable entity is also absent from Asad, as acknowledged in the Office 
Action. 

The Office Action then points to Ramsdejl and its alleged teaching of a certificate 
database, It is not immediately apparent from the Office Action wind i of the claimed features 
Ramsdell supposedly discloses. It would appear jas though Ramsdcll is being relied upon as 
allegedly disclosing the claimed record-user mapping and user name-addressable entity mapping 
defined, for example, in independent claim 1. As discussed in detail below, however, Ramsdell 
does not disclose or suggest these features. I 

The paragraph bridging pages 4 and 5 of the Office Action notes that Ramsdell teaches a 
certificate database which, in its simplest form, would be local to a particular user and would 
function in a similar way as an "address book" th!at stores a user's frequent correspondents. 
According to Ramsdell, a certificate retrieval mechanism can then be imitcd to the certificates 
that a user has stored. The Office Action then refers to Section 4.4.3 of Ramsdell, which refers 
to the subject alternative name extension. This extension is used in S/MIME as the preferred 
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means to convey RFC-822 e-mail address(es) that correspond to the entity for a certificate. It is 



important to note that this entity is not the user referred to in Ramsdell 



in the con text of the 



certificate database. Ramsdell teaches that a user receives and stores certificates from incoming 
messages, and the subject alternative name extension may provide RFC-822 e-mail addres$(es) 
corresponding to the entity for that certificate, in this case the sending party, Therefore, it should 
be appreciated that the user and the entity are not the same. 

On page 5 of the Office Action, reference! * s made to the suggestion on page 10 of 
Ramsdell that processing software should take immediate and noticeable steps to inform the end 
user if a certificate is not provably valid and associated with the message. 

With reference again to claim .1 » the claimed operation of maintaining a record-user 
mapping which associates with each of a plurality of record identifiers a respective one or more 
user names has not been disclosed or suggested in Ramsdell. The certificate database disclosed 
in Ramsdell is a database of certificates that have been received by a user from incoming 
messages and stored. No association between a user name and any tyj>e of record identifier has 
been proposed in Ramsdell. Thus, a record-user mapping is absent from RamsdelL 

The operation of obtaining a record's record identifier's respective one or more user 
names from a record-user mapping is also absent j 
has been disclosed. 

Although this is not specifically discussed in the Office Action, it appears as though the 
Examiner regards the RFC-822 e-mail address(es) of a subject alternaiive name extension as a 
user name-addressable entity mapping. As noted above, however, the user and a certificate cntitj 
in Ramsdell are different parties. Therefore, a subject alternative name extension in a certificate 
that is stored in a user's certificate database cannot reasonably be interpreted as a user name- 
addressable entity mapping. 

j 

Those familiar with S/MIME and certificate handling and processing would also readily 
appreciate that informing the user of a problem With a certificate, as proposed in Ramsdell, is not 
at all analogous to the notification operation as cljaimed. 

When a user receives a message and an attached certificate, for example^ the certificate is 



from Ramsdell, since no record-user mapping 



processed and a determination is made as to whether the certificate is actually valid and is 
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associated with the message with which it was received. In the event that a certificate is not valid 
or is not associated with the message, an error orjother indication is piovided to the receiving 
user. This receiving user is not the entity for which the RFC-822 e-mail address(es) may be 
provided in a subject alternative name extension bf a certificate. An P LFC-822 e-mail address in 
a certificate is not in any way used to inform a receiving user about a problem encountered 
during certificate processing, and the entity corresponding to an RFC-822 e-mail address is not 
notified of any such problems. 

It should be clear from the foregoing thal|Ramsdell does not cure any o f the defects of 
Asad. The combination of Ramsdell and Asad does not disclose, suggest, or in any way render 
obvious at least the claimed record-user mapping, obtaining one or more user names from the 
record-user mapping, a user name-addiessable eijtity mapping, obtaining a respective addressable 
entity for each user name, or sending a notification of a record to the addressable entity. 

Tn the paragraph bridging pages 5 and 6 ojf the Office Action, reference is made to 
UniCERT as disclosing remote notification of a certificate event. HoSvevcr, UniCERT discloses 
only infoiming a subject that their certificate has expired and they shojuld apply for a new 
certificate. There is no teaching or suggestion ofjat least the claimed cecord-user mapping, 
obtaining one or more user names from the recork-user mapping, a user name-addressable entity 

i I 

mapping, or obtaining a respective addressable entity from the user name-addressable entity 
mapping* 

Since none of the cited references teach or suggest at least these features, the combination 
of the cited references cannot possible teach these features, all of which are defined in claim 1 . 

The above features have also been explicitly recited in independent claim 37. 

Turning now to independent claim 20, it is alleged on page 7 cf the Office Action that the 
combination of Asad in view of Ramsdell and UniCERT discloses the claimed limitations. 
Reference is made to Column 8, line 53 to Column 9, line 27 as allegedly disclosing the 
operation of identifying at least one record identifier for which target audit record processing is to 
be performed- With respect, it is noted that the referenced passage of Asad describes an audit 
record creation process, in which an audit client from which an event is received is notified of 
any of various failures during audit record creation. The referenced passage thus relates to audit 
record creation, not to record processing. 
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Id any case, Asad docs not disclose target! audit record processing as defined in claim 20. 
According to the claim, target audit record processing comprises, for iach record identifier for 
which target record processing is to be performed, reading from an associated record the target 
user name which identifies a user name which was a target of an operation which resulted in the 
record, obtaining firom a user name-addressable entity mapping a respective addressable entity 
for the target user name and sending a notification of the record to the addressable entity* 

Reference is made in the Office Action to Section 3 of Ramsdell as al egedly disclosing these 

i . 

features. 

The referenced section of Ramsdell relates to using a distinguijshed name for an Internet 
mail address. Although an Internet mail address jis disclosed by Ramsdell, the reference does not 
disclose reading a target user name from a recorc , obtaining from a usjer name-addtessabic entity 
mapping an addressable entity for the target user name, or sending a notification of a record to 
the addressable entity, as recited in claim 20. 

It is not clear from the Office Action whether an Internet mail address as disclosed in 
Ramsdell is considered by the Examiner to be a user name or an addressable entity. In any case, 
Ramsdell does not disclose the target audit record processing as defined in claim 20. This 
processing involves the features of a user name-addressable entity ma sping and sending a 
notification, which have been discussed in detail jabove with reference to claim 1. 

Independent claim 46 recites at least the above features of independent claim 20 in 



apparatus form* and distinguishes over Asad and 



Ramsdell for the same reasons. 

i 



UniCERT fails to cure these defects in the combined disclosures of Asad and Ramsdell, 

j 

as also discussed in detail above. 

The remaining claims 2 to 19, 21 to 36, 38 to 45, and 47 to 55 depend from the 
independent claims, and distinguish over the cited references for at least the same reasons as the 
independent claims. 

It is therefore respectfully submitted that all of the claims 1 to 55 are patentable over the 
cited references, and reconsideration and withdrawal of the claim rejections under 35 U.S.C. 103 
are thus requested. j 



The Applicant looks forward to early and 



to the issuance of a new Notice of Allowance. Should the Examiner consider there to be any 
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! 

remaining outstanding issues, the undersigned suggests that contact be made by telephone so that 

such issues can be most expeditiously resolved, j 

j 

Respectfully submitted, 



Date: My 19, 2007 

DMW/RAB/wfe 




'R. Allan Brett 
Reg. No. 40,476 
Tel.: (613)232-2486 
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